<?php

include_once ('mysql/dbHelper.php');
include_once 'session/access.php';

//$host="localhost";
//echo $host;
//echo '<br>';
session_start();
if (!isAuthorized("login_page.php")) {
    header("location: notAuthorized.php?page=login_page");
}

$tblName = "user";
//get username and password from the form
$myusername = $_POST['username'];
$mypassword = $_POST['password'];

//protect against injection here todo
//build the query
$sqlSelect = "SELECT * FROM $tblName WHERE username='$myusername' and password='$mypassword'";
//echo $sql;
//echo '<br>';
//send it
$result = executeSelect($sqlSelect);

//count num rows returned
$count = mysqli_num_rows($result);

if ($count == 1) {
    while ($row = mysqli_fetch_assoc($result)) {
        $role = $row['role'];
    }

    $_SESSION['role'] = $role;
    $_SESSION['username'] = $myusername;
    $_SESSION['testMode'] = "true";
    header("location:mainPage.php?request=login&action=loginRequest");
} else {
    echo "Wrong Username or Password";
}
?>